Cyber insurance covers losses relating to damage to, or loss of information from, IT systems and networks. The policy, provided by NIG, assists with the management of the incident itself, which can be essential when faced with reputational damage or regulatory enforcement.
As a business, you will rely on information technology (IT) infrastructure to some degree. As a result, many companies are exposed to the risks of business interruption, income loss, damage management and repair, and possibly reputational damage if IT equipment or systems fail or are interrupted (breached).
A UK Government survey* estimated that in 2015 74% of small to medium sized (SME) organisations suffered a cyber breach. The average cost of a cyber-security breach can be as much as £310,000 for an SME.
While many existing insurance policies, such as commercial property, business interruption or professional indemnity insurance, may provide some elements of cover against cyber risks, businesses are increasingly asking providers for specialised cyber insurance policies to supplement their existing coverage, particularly if, like you, they:
hold sensitive customer details such as names and addresses or banking information;
rely heavily on IT systems and websites to conduct their business;
process payment card information as a matter of course.
What is Cyber Liability Insurance?
If a company’s IT security is found to be inadequate and a breach occurs, the penalties can be high. Under EU regulations coming into force on 25 May 2018, you will be required to notify your customers of a cyber security breach and could be fined up to 4% of your turnover**. In addition to potentially substantial fines, a breach can also lead to a damaged reputation, legal costs, associated business disruption and lost revenue. Will your customers trust you after a security breach?
Cyber cover and why you need it
Cyber Liability has become headline news following a number of high-profile hacking cases, which have led to a greater awareness of the risks and the need for cover, but it’s not just the large corporates who are at risk.
As a managing agent you are likely to hold a lot of personal and sensitive data concerning your customers. The increasing use of online portals could give hackers access to sensitive information held about individual customer accounts. You can find out more about personal and sensitive data at the Information Commissioner’s Office: www.ico.org.uk
Deacon works with well-known insurers who offer competitive and comprehensive cyber insurance. This covers you against financial losses and third-party liabilities arising from cyber attacks, up to the limits chosen.
Cyber, data security and multimedia cover
Liability arising out of media exposure as a result of hacking, for example defamation, libel and infringement of intellectual property rights
The costs incurred, and which cannot be recouped, as a result of a third party benefiting from a data breach
Liability arising from the failure to properly handle, manage, store, destroy or otherwise control personally identifiable information
The costs to withdraw or alter data or images or other website content as a result of a court order or to mitigate a claim
Liability arising out of unintentional transmission of a computer virus
The costs to recover your computer system records that have been lost, damaged or deleted
Liability arising out of a hacker’s fraudulent use of information
Compensation costs arising as a result of directors, partners and employees attending court in connection with a covered claim
Legal defence costs
Your business is at risk if you:
Are reliant on computer systems to conduct your business
Have portals on your website
Hold sensitive customer data electronically
Have a transactional website
Are subject to Payment Card Industry (PCI) merchant and service agreements
Cover options available and their benefits
Information and communication recovery costs
– The costs to repair, restore or replace affected parts of your information and IT hardware and software, after they’ve been stolen, destroyed or affected by a hacker
– Payment for credit monitoring services in order to comply with data breach law
Data breach notification costs
– Costs to inform your customers and anyone affected that a data breach has occurred
– Legal fees incurred to develop notification communications for the affected parties
– The costs to send and administer notification communications
– The costs of call centre services to respond to enquiries and queries following a notification communication
Regulatory defence and penalty costs
– Payment for any compensation which you are legally obliged to pay (including legal and defence costs)
Forensic costs. Payment for:
– A forensic consultant to establish the identity or methods of the hacker, or any other details required by the insurer following a data breach
– A security specialist to assess your electronic security and reasonable costs to improve it
– The temporary storage of your electronic data at a third party location, if your information and communication assets remain at risk from a hacker
Cyber business interruption cover
– Payment for loss of income as a result of total or partial interruption of communication assets caused by data security breaches, computer viruses and attacks
– Payment for reasonable and necessary expenses incurred, including the value of any ransom paid by the insured, for the purpose of terminating a cyber-extortion threat
– Cover applies to hardware while it is temporarily removed from the insured location
– You can also choose to cover portable hardware anywhere in the world
– The cost to remove viruses and for specialist advice to prevent viruses or hacking attacks following an incident
Where to go for more help…
If you have any doubts or concerns over your cyber security, or you suspect you might be a victim of cyber crime, contact www.actionfraud.police.uk. ActionFraud is the UK’s national fraud and cyber crime reporting centre and provides advice on fraud and cyber crime. Other sites you may find helpful include www.getsafeonline.org and www.gov.uk/government/collections/cyber-security-guidance-for-business.
Every organisation is a potential victim*
All organisations have something of value that is worth something to others. If you openly demonstrate weaknesses in your approach to cyber security by failing to do the basics, you may experience some form of cyber attack*. As part of your risk management process, you should be assessing whether you are likely to be the victim of a targeted or un-targeted attack. Every organisation connected to the Internet should assume they could be a victim of the latter. Either way, you should implement basic security controls consistently across your organisation, and where you may be specifically targeted, ensure you have a more in-depth, holistic approach to cyber security.
For a copy of our guide to Cyber insurance, the cover the policy** provides and examples of how the cover could benefit you, click here.
* Information Security Breaches Survey 2015, Department for Business, Innovation & Skills and MP Ed Vaizey
** For full terms and conditions please refer to the policy wording available on request. A broad range of cyber cover protection is offered, along with specialist advice at a time convenient to you. As with all insurance policies, the policy is subject to limits, conditions and exclusions.
This document does not purport to be comprehensive or to give legal advice. While every effort has been made to ensure accuracy, Deacon cannot be held liable for any errors, omissions or inaccuracies contained within the document. Readers are always recommended to take further professional advice before making any decisions.
* From Common Cyber Attacks: Reducing the Impact, from CESG, the Information Security Arm of GCHQ: https://www.ncsc.gov.uk/content/files/protected_files/guidance_files/common_cyber_attacks_2016.pdf